EP1770532A1 - Information acquisition device, information acquisition method, and information acquisition program - Google Patents

Information acquisition device, information acquisition method, and information acquisition program

Publication number
EP1770532A1
Authority
EP
European Patent Office
Prior art keywords
information
content
group
unit
permitted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05743479A
Other languages
German (de)
English (en)
Inventor
Toshihisa c/o Matsushita El.Ind.Co. Ltd NAKANO
Hideshi c/o Matsushita El.Ind.Co. Ltd ISHIHARA
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Application filed by Matsushita Electric Industrial Co Ltd

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier
    • G11B20/00217Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source
    • G11B20/00253Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier
    • G11B20/00362Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier the cryptographic key used for encryption and/or decryption of contents recorded on or reproduced from the record carrier being read from a specific source wherein the key is stored on the record carrier the key being obtained from a media key block [MKB]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/603Digital right managament [DRM]

Definitions

  • the present invention relates to techniques of limiting a type of content acquirable by a device that uses content.
  • a drive device that reads digital content from a portable medium verifies authenticity of a playback device such as a personal computer at the time of transmission/reception of the content, for protecting the content.
  • One example of such device authentication is a method using identification information unique to the playback device.
  • Patent document 1 discloses a technique of, in a case where device authentication is performed using device identification information, reducing a data size of a TRL (Terminal Revocation List) which is composed of identification information of devices to be invalidated.
  • non-patent document 1 discloses an authentication technique that applies digital signatures using public keys. Furthermore, public key certificates issued by a trusted certificate authority for ensuring validity of public keys are disclosed too. A device authentication method for verifying authenticity of a playback device using a public key certificate based on these techniques is widely known in the art. Meanwhile, large-capacity portable recording media such as Blu-ray discs are being developed today. This makes it practical to record a large number of sets of content such as movies and music onto a single disc.
  • Conventional device authentication verifies whether a playback device is authorized or not. This being so, once the playback device has been verified as an authorized device, the playback device is allowed to read any content from a portable recording medium. In a case where a large number of sets of content are recorded on the recording medium as mentioned above, the playback device can even read content that is originally not intended for use by the playback device. For example, a music playback device can read AV content.
  • the present invention aims to provide an information acquisition device, an information acquisition method, an information acquisition program, a recording medium, and an integrated circuit that can limit a type of content readable by a playback device.
  • an information acquisition device for acquiring information from a resource in accordance with an instruction from an information use device
  • the information acquisition device including: an acquisition unit operable to acquire, from the information use device, permitted group information indicating a group of information which the information use device is permitted to use; a judgment unit operable to acquire, from the resource, use target group information indicating a group of information to which use target information held by the resource belongs, and judge whether the use target information belongs to the group indicated by the permitted group information by comparing the permitted group information and the use target group information; and a control unit operable to acquire the use target information from the resource and output the acquired use target information to the information use device if the judgment unit judges affirmatively, and suppress the output if the judgment unit judges negatively.
  • the group referred to here is a group of information classified according to a predetermined condition.
  • information may be classified depending on a type of the information such as "music", "photographs", "AV content", or "games", depending on a producer/seller of the information, depending on a copyright protection method required in using the information, depending on a security level of the information, depending on a number of replications permitted, or depending on a processing capacity required of a device that processes the information.
  • the judgment unit judges whether the use target information belongs to the group indicated by the permitted group information by comparing the use target group information with the permitted group information, and the control unit suppresses the output of the use target information if the use target information is judged as not belonging to the group indicated by the permitted group information.
  • the information acquisition device of the present invention can limit the information acquirable by the information use device, only to the information which belongs to the group indicated by the permitted group information.
  • the acquisition unit may acquire, as the permitted group information, first producer identification information showing a producer of the information which the information use device is permitted to use, wherein the judgment unit acquires, as the use target group information, second producer identification information showing a producer of the use target information, compares the first producer identification information and the second producer identification information, and judges affirmatively if the first producer identification information matches the second producer identification information.
  • the judgment unit judges the use target information as belonging to the group indicated by the permitted group information, when the first producer identification information matches the second producer identification information.
  • the information acquisition device of the present invention can limit the information acquirable by the information use device, only to the information produced/sold by the producer shown by the first producer identification information.
  • the acquisition unit may acquire, as the permitted group information, first application identification information showing an application provided in the information use device, wherein the judgment unit acquires, as the use target group information, second application identification information showing an application having a function for correctly processing the use target information, compares the first application identification information and the second application identification information, and judges affirmatively if the first application identification information matches the second application identification information.
  • the judgment unit judges the use target information as belonging to the group indicated by the permitted group information, when the first application identification information showing the application provided in the information use device matches the second application identification information showing the application having the function for correctly processing the use target information.
  • the information acquisition device of the present invention can limit the information acquirable by the information use device, only to the information that can be correctly processed by the application provided in the information use device.
  • the acquisition unit may acquire, as the permitted group information, first method identification information showing a copyright protection method adopted by the information use device, wherein the judgment unit acquires, as the use target group information, second method identification information showing a copyright protection method required in using the use target information, compares the first method identification information and the second method identification information, and judges affirmatively if the first method identification information matches the second method identification information.
  • the judgment unit judges the use target information as belonging to the group indicated by the permitted group information, when the first method identification information showing the copyright protection method adopted by the information use device matches the second method identification information showing the copyright protection method required in using the use target information.
  • the information acquisition device of the present invention can limit the information acquirable by the information use device, only to the information which, when used, requires the copyright protection method adopted by the information use device.
  • the use target information held by the resource may be generated by applying security processing to a digital work, wherein the acquisition unit acquires, as the permitted group information, a first security level showing safety of security processing, and the judgment unit acquires, as the use target group information, a second security level showing safety of the security processing applied to the digital work, compares the first security level and the second security level, and judges affirmatively if the second security level shows higher safety than the first security level.
  • the judgment unit judges the use target information as belonging to the group indicated by the permitted group information when the safety of the security processing applied to the digital work, which is shown by the second security level, is higher than the safety shown by the first security level.
  • the information acquisition device of the present invention can limit the information acquirable by the information use device, only to the information to which the security processing with higher safety than the first security level is applied.
  • a replication method for the use target information may be designated in advance, wherein the acquisition unit acquires, as the permitted group information, first copy control information showing a replication method, and the judgment unit acquires, as the use target group information, second copy control information showing the replication method designated for the use target information, compares the first copy control information and the second copy control information, and judges affirmatively if the first copy control information matches the second copy control information.
  • the replication method referred to here indicates whether to permit replication and, if permitted, a number of times the replication can be made.
  • the judgment unit judges the use target information as belonging to the group indicated by the permitted group information, when the replication method shown by the first copy control information matches the replication method designated for the use target information.
  • the information acquisition device of the present invention can limit the information acquirable by the information use device, only to the information that can be replicated according to the replication method shown by the first copy control information.
  • the acquisition unit may acquire, as the permitted group information, first capacity information showing a processing capacity of the information use device, wherein the judgment unit acquires, as the use target group information, second capacity information showing a processing capacity necessary for processing the use target information, compares the first capacity information and the second capacity information, and judges affirmatively if the processing capacity shown by the first capacity information is no lower than the processing capacity shown by the second capacity information.
  • the judgment unit judges the use target information as belonging to the group indicated by the permitted group information, when the processing capacity of the information use device is no less than the processing capacity necessary for processing the use target information.
  • the information acquisition device of the present invention can limit the information acquirable by the information use device, only to the information that can be processed within the range of the processing capacity of the information use device.
  • the information use device may hold a certificate that contains the permitted group information and signature information generated by signing at least the permitted group information, wherein the acquisition unit acquires the permitted group information in a state of being contained in the certificate, the information acquisition device further includes: a signature verification unit operable to verify the signature information contained in the certificate, and the judgment unit performs the judgment only if the verification is successful.
  • the certificate includes the signature information generated by signing at least the permitted group information, and the signature verification unit verifies the signature information prior to the judgment by the judgment unit.
  • the information acquisition device of the present invention can reliably detect whether the permitted group information has been tampered with by an unauthorized third party, prior to the judgment.
  • the certificate may be issued by a trusted third party organization, with the signature information being generated by signing at least the permitted group information using a secret key held by the third party organization, wherein the signature verification unit verifies the signature information using a public key of the third party organization.
  • the certificate includes the signature information generated by signing at least the permitted group information using the secret key held by the trusted third party organization.
  • the information acquisition device of the present invention can receive the permitted group information more securely.
  • the stated aim can also be achieved by an application program used in an information use device that uses information acquired from a resource via an information acquisition device, the information use device including a storage unit operable to store permitted group information indicating a group of information which the application program is permitted to use, the application program including: an output step of reading the permitted group information corresponding to the application program from the storage unit, and outputting the read permitted group information to the information acquisition device; an acquisition step of acquiring, if the information acquisition device judges that use target information held by the resource belongs to the group indicated by the permitted group information, the use target information via the information acquisition device; and a use step of using the acquired use target information.
  • the information use device acquires data that belongs to the permitted group information corresponding to the application program, in the acquisition step. This makes it possible to limit the information acquirable by the application program, only to the information that belongs to the group indicated by the permitted group information. If the information use device has a plurality of application programs, the usable information can be limited for each individual application program.
  • the stated aim can also be achieved by a computer readable recording medium including: use target information; and use target group information indicating a group of information to which the use target information belongs.
  • An information acquisition device which reads information from the recording medium having this construction judges, based on the use target group information, whether to output the use target information stored on the recording medium to an external information use device. This enables the information acquirable by the information use device to be limited.
  • the content playback system is roughly made up of a playback device 100, a reading device 300, and a monitor 30, as shown in FIG. 1.
  • the playback device 100 and the reading device 300 are connected to each other by a cable, and the playback device 100 is connected to the monitor 30 that includes a speaker.
  • a recording medium 500 is inserted into the reading device 300.
  • the recording medium 500 stores encrypted content generated by encrypting content which is constituted by video, audio, and the like, and a manufacturer ID list that includes a condition for permitting the use of the content.
  • the reading device 300 and the playback device 100 each hold a public key certificate, and perform mutual authentication using the held public key certificate. In the mutual authentication, the reading device 300 reads the manufacturer ID list from the recording medium 500, and judges whether the playback device 100 satisfies the condition shown by the manufacturer ID list. If the playback device 100 satisfies the condition, the reading device 300 reads the encrypted content from the recording medium 500 and outputs it to the playback device 100.
  • the playback device 100 receives the encrypted content from the reading device 300, decrypts the encrypted content to generate the content, and outputs the generated content to the monitor 30.
  • the recording medium 500 is a DVD (Digital Versatile Disk) as one example. As shown in FIG. 2, the recording medium 500 stores a playback device authentication CRL (Cert Revocation List) 510, a manufacturer ID list 520, a reading device authentication CRL 530, a media key list 540, an encrypted content key 550, and a content file 560.
  • FIGS. 3 and 4 show the above information stored on the recording medium 500 in detail. The information stored on the recording medium 500 is explained below, with reference to FIGS. 3 and 4.
  • the playback device authentication CRL 510 is made up of a version number 511, certificate IDs 512 and 513, and a CA signature 514, as shown in FIG. 3A.
  • the version number 511 shows a generation of the playback device authentication CRL 510.
  • a larger version number indicates a newer generation.
  • the certificate ID 512 "RID1" and the certificate ID 513 "RID2" are certificate IDs of revoked public key certificates, among public key certificates of a same structure as a playback device public key certificate 121 (explained in detail later) held by the playback device 100.
  • a public key certificate of a certificate ID "0003" and a public key certificate of a certificate ID "0010" are indicated as revoked.
  • the CA signature 514 "Sig(SK_CA, VN
  • B denotes concatenation of A and B
  • Signature(A, B) denotes signature data generated by applying a signature generation algorithm to information B using signature key A.
  • Though a CRL having a simple structure such as the one shown in FIG. 3A is described as an example here, a CRL prescribed by X.509 is also applicable. X.509 is explained in detail in non-patent document 1. Likewise, the reading device authentication CRL 530 shown in FIG. 3C may be in compliance with X.509.
  • the manufacturer ID list shows the condition for permitting the use of the encrypted content, and indicates that a device having a public key certificate which includes at least one of the manufacturer ID 521 "MID1" and the manufacturer ID 522 "MID2" is permitted to use the encrypted content.
  • a device having a public key certificate which includes a manufacturer ID "DI001" or a manufacturer ID "PI006" is indicated as being permitted to use the encrypted content.
  • the certificate ID 532 "RID1'" and the certificate ID 533 "RID2'" are certificate IDs of revoked public key certificates, among public key certificates of a same structure as a reading device public key certificate 321 (explained in detail later) held by the reading device 300.
  • the reading device authentication CRL 530 indicates that public key certificates having certificate IDs "0001" and "0006" are revoked.
  • the CA signature 534 "Sig (SK_CA, VN'
  • an encrypted media key corresponding to an invalidated device is a result of encrypting dummy data "0" instead of the media key.
  • a device having a device key "DK1" and a device having a device key "DK6" are invalid, so that these devices cannot generate the media key from the encrypted media key.
  • E(A, B) denotes ciphertext generated by encrypting plaintext B using encryption key A.
  • Encryption algorithm E1 used here is DES (Data Encryption Standard) as one example, though other encryption algorithms are applicable too.
  • a content ID is identification information for identifying content generated by decrypting corresponding encrypted content.
  • a category ID is identification information for identifying a type of content generated by decrypting corresponding encrypted content. For example, a category ID "0001" indicates music, a category ID "0002" indicates photographs, a category ID "0003" indicates AV content, and a category ID "0004" indicates games.
  • Encrypted content is generated by applying encryption algorithm E2 to content which is constituted by video, audio, and the like, using the content key.
  • the encrypted content 561 "E(Kc, ConA)" is generated by encrypting content "ConA" using the content key "Kc".
  • the content ID 563 "ID_A" is identification information unique to the content "ConA".
  • the category ID 562 "CaID1" is identification information showing a type of the content "ConA". In the example of FIG. 4, the category ID 562 "CaID1" is "0001" indicating music.
  • the encrypted content 564 "E(Kc, ConB)" is generated by applying encryption algorithm E2 to content "ConB" using the content key "Kc".
  • the content ID 567 "ID_B" is identification information unique to the content "ConB".
  • the category ID 566 "CaID2" is identification information showing a type of the content "ConB". In the example of FIG. 4, the category ID 566 "CaID2" is "0003" indicating AV content.
  • Encryption algorithm E2 is DES or AES (Advanced Encryption Standard) as one example.
  • the content list 570 is composed of content information 571 and content information 572.
  • the content information 571 and the content information 572 respectively correspond to the encrypted content 561 and the encrypted content 564.
  • Each piece of content information is made up of a content ID and a title.
  • the content ID is identification information for identifying content generated by decrypting corresponding encrypted content.
  • the title is a name of the content identified by the corresponding content ID.
  • the content ID "ID_A" included in the content information 571 is the same as the content ID 563 corresponding to the encrypted content 561, and the title "Monster theme song" is a name of the content "ConA" which is generated by decrypting the encrypted content 561.
  • the playback device 100 is connected to the monitor 30 including the speaker, as shown in FIG. 1.
  • the playback device 100 reads encrypted content stored on the recording medium 500 via the reading device 300, decrypts the read encrypted content, and outputs the decrypted content to the monitor 30 to play back the content.
  • the playback device 100 includes a transmission/reception unit 101, a control unit 102, a certificate storage unit 103, a certificate verification unit 106, a shared key generation unit 112, a decryption processing unit 113, a content decryption unit 114, an input reception unit 118, and a playback processing unit 119.
  • FIG. 5A shows the playback device public key certificate 121 stored in the certificate storage unit 103, in detail.
  • the playback device public key certificate 121 is issued by the CA, and includes a certificate ID 122, a manufacturer ID 123, a category ID 124, a public key 126, and a CA signature 127.
  • the certificate ID 122 is identification information unique to the playback device public key certificate 121.
  • the manufacturer ID 123 is identification information showing a manufacturer/seller of content which the playback device 100 is permitted to use. In this example, the manufacturer ID 123 "MIDp" is the same as the manufacturer ID 521 included in the manufacturer ID list 520 stored on the recording medium 500.
  • the category ID 124 shows a type of content which the playback device 100 is permitted to use.
  • the category ID 124 "CaIDp" is "0003" indicating AV content.
  • the playback device public key certificate 121 indicates that the playback device 100 is permitted to use AV content out of content produced/sold by a manufacturer/seller shown by the manufacturer ID 123 "MIDp".
  • the public key 126 "PK_P" is a public key that is verified as valid by this playback device public key certificate, and corresponds to a secret key "SK_P" held in the shared key generation unit 112.
  • PK_P)" is generated by applying signature generation algorithm S to concatenation "CeIDp
  • the transmission/reception unit 101 acquires the reading device public key certificate, the reading device authentication CRL, the content list, and the like from the reading device 300. Having acquired the reading device public key certificate and the reading device authentication CRL, the transmission/reception unit 101 outputs the acquired reading device public key certificate to the certificate verification unit 106, and notifies the control unit 102 of the acquisition of the reading device public key certificate. Having acquired the content list, the transmission/reception unit 101 outputs the acquired content list to the playback processing unit 119.
  • the signature verification unit 108 receives the reading device public key certificate having the structure shown in FIG. 5B (explained in detail later) from the reading device 300 via the transmission/reception unit 101, and receives an instruction to verify the reading device public key certificate from the control unit 102.
  • the signature verification unit 108 reads the CA public key "PK_CA” from the CA public key storage unit 107, and applies signature verification algorithm V to a CA signature "Sig(SK_CA, CeIDr
  • If the verification of the CA signature results in a success, the signature verification unit 108 outputs the received reading device public key certificate and the read CA public key "PK_CA" to the validity judgment unit 109.
  • the validity judgment unit 109 receives the reading device public key certificate and the CA public key "PK_CA” from the signature verification unit 108.
  • the validity judgment unit 109 also receives the reading device authentication CRL from the reading device 300 via the transmission/reception unit 101.
  • the validity judgment unit 109 applies the signature verification algorithm V to the CA signature "Sig(SK_CA, VN'
  • the validity judgment unit 109 extracts a certificate ID "CeIDr” from the received reading device public key certificate, and checks whether the extracted certificate ID "CeIDr” is registered in the received reading device authentication CRL. If the extracted certificate ID "CeIDr” is registered in the reading device authentication CRL, the validity judgment unit 109 outputs a control signal indicating a failure of the verification of the reading device public key certificate to the control unit 102, to prohibit subsequent information transmission/reception with the reading device 300.
  • If the extracted certificate ID "CeIDr" is not registered in the reading device authentication CRL, the validity judgment unit 109 outputs the received reading device public key certificate to the shared key generation unit 112.
  • When requested to start SAC establishment via the transmission/reception unit 101, the shared key generation unit 112 establishes a SAC with the shared key generation unit 312 in the reading device 300, and generates a shared key "Key_s". The SAC establishment between the shared key generation unit 112 and the shared key generation unit 312 will be explained later with reference to a drawing. Once the SAC has been successfully established, the shared key generation unit 112 outputs the generated shared key "Key_s" to the decryption processing unit 113. If the SAC establishment results in a failure, on the other hand, the shared key generation unit 112 outputs a control signal indicating a SAC establishment failure to the control unit 102.
  • Decryption algorithm D3 used here is an algorithm for decrypting ciphertext generated by encryption algorithm E3.
  • the playback processing unit 119 stores various types of screen data such as title display screen data for displaying a title of content stored on the recording medium 500.
  • the playback processing unit 119 receives the content list from the reading device 300 via the transmission/reception unit 101. Also, the playback processing unit 119 receives an instruction to display a disc error screen for notifying the user that the inserted recording medium cannot be used, and a content ID and an instruction to display a content error screen for notifying the user that content designated by the content ID cannot be read. Furthermore, the playback processing unit 119 receives content from the content decryption unit 114.
  • Upon receiving the disc error screen display instruction, the playback processing unit 119 generates the disc error screen including a character string such as "this disc cannot be played back" based on the stored screen data, and outputs the generated disc error screen to the monitor 30.
  • Upon receiving the content list, the playback processing unit 119 temporarily stores the received content list. The playback processing unit 119 then generates a title display screen based on the titles included in the content list and the title display screen data, and outputs the generated title display screen to the monitor 30.
  • FIG. 6 shows an example title display screen 131 displayed on the monitor 30.
  • the title display screen 131 includes selection buttons 132 and 133 which correspond to the content information included in the content list. The titles shown in the content list are written on the selection buttons 132 and 133.
  • Upon receiving the content ID and the content error screen display instruction, the playback processing unit 119 extracts a title corresponding to the received content ID from the stored content list. The playback processing unit 119 generates the content error screen including a character string such as "the monster theme song cannot be played back" based on the extracted title and the stored screen data, and outputs the generated content error screen to the monitor 30.
  • Upon receiving the content, the playback processing unit 119 generates audio data and a screen from the received content, and outputs them to the monitor 30.
  • the control unit 102 receives a prohibition notification indicating that the use of the recording medium 500 is not permitted, from the reading device 300 via the transmission/reception unit 101. Also, the control unit 102 receives a control signal indicating a SAC establishment failure from the shared key generation unit 112. Upon receipt of the prohibition notification or the control signal indicating a SAC establishment failure, the control unit 102 instructs the playback processing unit 119 to display the disc error screen for notifying the user that the inserted recording medium 500 cannot be used.
  • the control unit 102 receives a content ID and a read prohibition notification indicating that the reading of content designated by the content ID is not permitted, via the transmission/reception unit 101. Upon receipt of them, the control unit 102 outputs the received content ID to the playback processing unit 119, and instructs the playback processing unit 119 to display the content error screen for notifying the user that the designated content cannot be read.
  • the reading device 300 includes a transmission/reception unit 301, a control unit 302, a certificate storage unit 303, a certificate verification unit 306, a manufacturer ID judgment unit 310, a category judgment unit 311, a shared key generation unit 312, an encryption processing unit 313, a device key storage unit 316, a key decryption unit 317, and a drive unit 320.
  • the certificate ID 322 is identification information unique to the reading device public key certificate 321.
  • the public key 323 "PK_R” is a public key of the reading device 300 that is verified as valid by the reading device public key certificate, and is key information paired with a secret key "SK_R" of the reading device 300 stored in the shared key generation unit 312.
  • the signature information 324 is generated by applying signature generation algorithm S to concatenation "CeIDr
  • the device key storage unit 316 stores a device key "DKk" unique to the reading device 300 (k being a natural number no larger than n).
  • the device key "DKk” corresponds to one of the encrypted media keys included in the media key list 540.
  • the transmission/reception unit 301 acquires the playback device public key certificate, a content ID, and the like from the playback device 100.
  • Upon acquiring the playback device public key certificate, the transmission/reception unit 301 outputs the acquired playback device public key certificate to the certificate verification unit 306, and also notifies the control unit 302 of the acquisition of the playback device public key certificate.
  • Upon acquiring the content ID, the transmission/reception unit 301 outputs the acquired content ID to the category judgment unit 311.
  • the CA public key storage unit 307 stores the CA public key "PK_CA" that is paired with the CA secret key "SK_CA".
  • the signature verification unit 308 receives the playback device public key certificate 121 having the structure shown in FIG. 5A from the playback device 100 via the transmission/reception unit 301, and receives an instruction to verify the playback device public key certificate from the control unit 302.
  • Upon acquiring the playback device public key certificate and the verification instruction, the signature verification unit 308 reads the CA public key "PK_CA" from the CA public key storage unit 307, and applies signature verification algorithm V to the CA signature "Sig(SK_CA, CeIDp
  • If the verification of the CA signature "Sig(SK_CA, CeIDp
  • If the verification of the CA signature "Sig(SK_CA, CeIDp
  • the validity judgment unit 309 receives the playback device public key certificate and the CA public key "PK_CA" from the signature verification unit 308. Having received the playback device public key certificate and the CA public key "PK_CA", the validity judgment unit 309 reads the playback device authentication CRL 510 from the recording medium 500 via the drive unit 320.
  • the validity judgment unit 309 applies the signature verification algorithm V to the CA signature 514 included in the read playback device authentication CRL 510 using the received CA public key "PK_CA", to verify the CA signature 514. If the verification of the CA signature 514 results in a failure, the validity judgment unit 309 outputs a control signal indicating a failure of the verification of the playback device public key certificate to the control unit 302, to prohibit subsequent information transmission/reception with the playback device 100.
  • the validity judgment unit 309 extracts the certificate ID "CeIDp" from the received playback device public key certificate, and checks whether the extracted certificate ID "CeIDp" is registered in the read playback device authentication CRL 510. If the extracted certificate ID "CeIDp" is registered in the playback device authentication CRL 510, the validity judgment unit 309 outputs a control signal indicating a failure of the verification of the playback device public key certificate to the control unit 302, to prohibit subsequent information transmission/reception with the playback device 100.
  • the validity judgment unit 309 outputs the received playback device public key certificate to the manufacturer ID judgment unit 310.
  • the manufacturer ID judgment unit 310 receives the playback device public key certificate from the certificate verification unit 306. Having received the playback device public key certificate, the manufacturer ID judgment unit 310 reads the manufacturer ID list 520 from the recording medium 500, and checks whether the manufacturer ID "MIDp" included in the received playback device public key certificate is registered in the read manufacturer ID list 520.
  • If the manufacturer ID "MIDp" is not registered in the manufacturer ID list 520, the manufacturer ID judgment unit 310 outputs a use prohibition notification indicating that the playback device 100 which holds the received playback device public key certificate is not permitted to use encrypted content recorded on the recording medium 500, to the control unit 302. If the manufacturer ID "MIDp" is registered in the manufacturer ID list 520, the manufacturer ID judgment unit 310 outputs a use permission notification indicating that the playback device 100 is permitted to use encrypted content recorded on the recording medium 500, to the control unit 302. The manufacturer ID judgment unit 310 then outputs the received playback device public key certificate to the category judgment unit 311.
  • If the two category IDs do not match, the category judgment unit 311 outputs the received content ID and a read prohibition notification indicating that the playback device 100 is not permitted to read content identified by the received content ID, to the control unit 302. If the two category IDs match, the category judgment unit 311 outputs the received content ID and a read permission notification indicating that the playback device 100 is permitted to read the encrypted content corresponding to the received content ID, to the control unit 302. The category judgment unit 311 then outputs the received playback device public key certificate to the shared key generation unit 312.
  • the shared key generation unit 312 receives an instruction to establish a SAC (Secure Authentication Channel) from the control unit 302. Upon receiving the SAC establishment instruction, the shared key generation unit 312 outputs a SAC establishment start request to the shared key generation unit 112 in the playback device 100. The shared key generation unit 312 then establishes a SAC with the shared key generation unit 112, and generates a shared key "Key_s'".
  • If the SAC establishment results in a failure, the shared key generation unit 312 outputs a control signal indicating a SAC establishment failure to the control unit 302. If the SAC establishment results in a success, the shared key generation unit 312 outputs a control signal indicating a SAC establishment success to the control unit 302, and outputs the generated shared key "Key_s'" to the encryption processing unit 313.
  • the key decryption unit 316 extracts the encrypted media key corresponding to the device key "DKk” from the read media key list 540, and applies decryption algorithm D1 to the extracted encrypted media key using the device key "DKk” to generate the media key "Km”.
  • the key decryption unit 317 applies decryption algorithm D1 to the read encrypted content key 550 using the generated media key "Km", to generate the content key "Kc”.
  • the key decryption unit 317 outputs the generated content key "Kc" to the encryption processing unit 313.
  • Decryption algorithm D1 used here is an algorithm for decrypting ciphertext generated by encryption algorithm E1.
  • Encryption algorithm E3 used here employs a symmetric-key cryptography such as DES or AES.
  • control unit 302 detects the insertion of the recording medium 500 via the drive unit 320.
  • the control unit 302 also detects the reception of the playback device public key certificate from the playback device 100 via the transmission/reception unit 301.
  • the control unit 302 receives the use permission notification or the use prohibition notification from the manufacturer ID judgment unit 310.
  • the control unit 302 also receives the read prohibition notification and the content ID, or the read permission notification and the title from the category judgment unit 311.
  • Upon detecting the insertion of the recording medium 500, the control unit 302 reads the reading device public key certificate 321 from the certificate storage unit 303, and reads the reading device authentication CRL 530 from the recording medium 500 via the drive unit 320. The control unit 302 outputs the reading device public key certificate 321 and the reading device authentication CRL 530 to the playback device 100 via the transmission/reception unit 301. Upon detecting the reception of the playback device public key certificate, the control unit 302 outputs an instruction to verify the playback device public key certificate to the certificate verification unit 306. If the control unit 302 receives a control signal indicating a failure of the verification of the playback device public key certificate from the certificate verification unit 306, the control unit 302 prohibits subsequent information transmission/reception with the playback device 100.
  • Upon receiving the use permission notification from the manufacturer ID judgment unit 310, the control unit 302 reads the content list 570 included in the content file 560 stored on the recording medium 500 via the drive unit 320, and outputs the read content list 570 to the playback device 100 via the transmission/reception unit 301. Upon receiving the use prohibition notification, on the other hand, the control unit 302 outputs a prohibition notification indicating that the playback device 100 is not permitted to use the recording medium 500 to the playback device 100 via the transmission/reception unit 301, without performing the reading and output of the content list.
  • When receiving the content ID and the read prohibition notification from the category judgment unit 311, the control unit 302 outputs the received content ID and a read prohibition notification indicating that the playback device 100 is not permitted to read the designated content, to the playback device 100 via the transmission/reception unit 301.
  • the control unit 302 instructs the shared key generation unit 312 to establish a SAC.
  • the control unit 302 then receives a control signal indicating a SAC establishment success or a control signal indicating a SAC establishment failure from the shared key generation unit 312.
  • Upon receiving the control signal indicating the SAC establishment failure, the control unit 302 cancels an encrypted content reading operation described below.
  • Upon receiving the control signal indicating the SAC establishment success, the control unit 302 reads encrypted content corresponding to the content ID received from the category judgment unit 311, from the recording medium 500 via the drive unit 320.
  • the control unit 302 outputs the read encrypted content to the playback device 100 via the transmission/reception unit 301.
  • the control unit 302 also outputs a key decryption instruction to decrypt an encrypted content key, to the key decryption unit 317.
  • the operation of the content playback system is described below, with reference to FIGS. 2 and 7 to 9.
  • the recording medium 500 is inserted into the reading device 300, and the control unit 302 in the reading device 300 detects the insertion of the recording medium 500 via the drive unit 320 (step S111).
  • Upon detecting the insertion of the recording medium 500, the control unit 302 reads the reading device public key certificate 321 from the certificate storage unit 303 (step S112), reads the reading device authentication CRL 530 from the recording medium 500 via the drive unit 320 (step S113), and outputs the reading device public key certificate 321 and the reading device authentication CRL 530 to the playback device 100 via the transmission/reception unit 301 (step S116).
  • the control unit 102 in the playback device 100 detects the acquisition of the reading device public key certificate via the transmission/reception unit 101, and instructs the certificate verification unit 106 to verify the reading device public key certificate.
  • the certificate verification unit 106 receives the reading device public key certificate and the reading device authentication CRL from the reading device 300 via the transmission/reception unit 101, and is instructed by the control unit 102 to verify the reading device public key certificate.
  • Upon receiving the verification instruction, the signature verification unit 108 in the certificate verification unit 106 reads the CA public key "PK_CA" from the CA public key storage unit 107 (step S118), and verifies the CA signature "Sig(SK_CA, CeIDr
  • the signature verification unit 108 outputs the reading device public key certificate and the CA public key "PK_CA” to the validity judgment unit 109.
  • the validity judgment unit 109 receives the reading device authentication CRL via the transmission/reception unit 101, and receives the reading device public key certificate and the CA public key "PK_CA” from the signature verification unit 108.
  • the validity judgment unit 109 verifies the CA signature "Sig(PK_CA, VN'
  • If the verification results in a failure (step S123: NO), the validity judgment unit 109 outputs a control signal indicating a failure of the verification of the reading device public key certificate to the control unit 102, to terminate subsequent processing. If the verification results in a success (step S123: YES), the validity judgment unit 109 extracts the certificate ID "CeIDr" from the reading device public key certificate, and checks whether the extracted certificate ID "CeIDr" is registered in the reading device authentication CRL (step S124).
  • If the extracted certificate ID "CeIDr" is registered in the reading device authentication CRL (step S126: YES), the validity judgment unit 109 outputs a control signal indicating a failure of the verification of the reading device public key certificate to the control unit 102, to terminate subsequent processing.
  • the validity judgment unit 109 outputs the reading device public key certificate to the shared key generation unit 112, and a control signal indicating a success of the verification of the reading device public key certificate to the control unit 102.
  • the control unit 102 reads the playback device public key certificate 121 from the certificate storage unit 103 (step S127), and outputs the read playback device public key certificate 121 to the reading device 300 via the transmission/reception unit 101 (step S128).
  • the certificate verification unit 306 in the reading device 300 receives the playback device public key certificate from the playback device 100 via the transmission/reception unit 301, and is instructed by the control unit 302 to verify the playback device public key certificate.
  • the signature verification unit 308 in the certificate verification unit 306 reads the CA public key "PK_CA” from the CA public key storage unit 307 (step S131), and verifies the CA signature "Sig(SK_CA, CeIDp
  • the signature verification unit 308 outputs the read CA public key and the playback device public key certificate to the validity judgment unit 309.
  • the validity judgment unit 309 receives the CA public key "PK_CA” and the playback device public key certificate, reads the playback device authentication CRL from the recording medium 500 via the drive unit 320 (step S134), and verifies the CA signature "Sig (SK_CA, VN
  • the validity judgment unit 309 extracts the certificate ID "CeIDp" from the playback device public key certificate, and checks whether the extracted certificate ID "CeIDp" is registered in the playback device authentication CRL 510 (step S138). If the extracted certificate ID is registered in the playback device authentication CRL (step S141: YES), the validity judgment unit 309 outputs a control signal indicating a signature verification failure to the control unit 302, which responsively prohibits subsequent information transmission/reception with the playback device 100.
  • the validity judgment unit 309 outputs the playback device public key certificate to the manufacturer ID judgment unit 310.
  • the manufacturer ID judgment unit 310 receives the playback device public key certificate, and reads the manufacturer ID list 520 from the recording medium 500 via the drive unit 320 (step S142).
  • the manufacturer ID judgment unit 310 compares the manufacturer ID "MIDp" included in the received playback device public key certificate with each manufacturer ID included in the manufacturer ID list 520, to check whether the manufacturer ID "MIDp" in the public key certificate is registered in the manufacturer ID list 520 (step S143). If the manufacturer ID "MIDp" in the playback device public key certificate is not registered in the manufacturer ID list 520 (step S144: NO), the manufacturer ID judgment unit 310 outputs a use prohibition notification to the control unit 302.
  • Upon receipt of the use prohibition notification from the manufacturer ID judgment unit 310, the control unit 302 outputs a prohibition notification indicating that the playback device 100 is not permitted to use the recording medium 500, to the playback device 100 via the transmission/reception unit 301 (step S146). In this case, the playback device 100 displays the disc error screen on the monitor 30. If the manufacturer ID "MIDp" in the playback device public key certificate is registered in the manufacturer ID list 520 (step S144: YES), the manufacturer ID judgment unit 310 outputs a use permission notification to the control unit 302.
  • Upon receiving the use permission notification, the control unit 302 reads the content list 570 included in the content file 560 stored on the recording medium 500 via the drive unit 320 (step S147), and outputs the read content list 570 to the playback device 100 via the transmission/reception unit 301 (step S148).
  • the playback processing unit 119 in the playback device 100 receives the content list from the reading device 300 via the transmission/reception unit 101, generates the title display screen 131 from the received content list and the stored title display screen data, and displays the generated title display screen 131 on the monitor 30 (step S149).
  • the input reception unit 118 receives a user selection by a button operation (step S151), and outputs a content ID corresponding to the selected selection button to the reading device 300 via the transmission/reception unit 101 (step S152).
  • the category judgment unit 311 in the reading device 300 receives the content ID from the playback device 100 via the transmission/reception unit 301, reads a category ID corresponding to the received content ID from the content file 560 stored on the recording medium 500 (step S156), and compares the read category ID with the category ID "CaIDp" included in the playback device public key certificate (step S157). If the two IDs do not match (step S159: NO), the category judgment unit 311 outputs a read prohibition notification indicating prohibition to read content, to the control unit 302.
  • Upon receipt of the read prohibition notification, the control unit 302 outputs the content ID and a read prohibition notification indicating that the playback device 100 is not permitted to read the designated content, to the playback device 100 via the transmission/reception unit 301 (step S160). In this case, the playback device 100 displays the content error screen on the monitor 30. If the two IDs match (step S159: YES), the category judgment unit 311 outputs the received content ID and a read permission notification indicating that the playback device 100 is permitted to read the encrypted content, to the control unit 302. The category judgment unit 311 also outputs the playback device public key certificate to the shared key generation unit 312.
  • the control unit 302 instructs the shared key generation unit 312 to establish a SAC.
  • the shared key generation unit 312 and the shared key generation unit 112 in the playback device 100 establish a SAC and generate a shared key (step S161). If the SAC establishment results in a failure (steps S162 and S163: NO), the playback device 100 and the reading device 300 terminate subsequent processing. If the SAC establishment results in a success (steps S162 and S163: YES), the playback device 100 and the reading device 300 proceed to subsequent processing.
  • the control unit 302 reads the encrypted content corresponding to the received content ID from the recording medium 500 (step S164), and outputs the read encrypted content to the playback device 100 via the transmission/reception unit 301 (step S166). Next, the control unit 302 outputs a key decryption instruction to decrypt the encrypted content key, to the key decryption unit 317.
  • the key decryption unit 317 receives the key decryption instruction, reads the media key list 540 and the encrypted content key 550 from the recording medium 500 via the drive unit 320 (step S167), and reads the device key from the device key storage unit 316 (step S169).
  • the key decryption unit 317 then extracts the encrypted media key corresponding to the read device key from the read media key list 540, and decrypts the extracted encrypted media key using the device key to generate the media key "Km” (step S171).
  • the key decryption unit 317 further decrypts the read encrypted content key 550 using the generated media key "Km” , to generate the content key "Kc” (step S172).
  • the key decryption unit 317 outputs the generated content key "Kc" to the encryption processing unit 313.
  • the encryption processing unit 313 receives the shared key "Key_s'" from the shared key generation unit 312, and the content key "Kc" from the key decryption unit 317. Upon receiving these keys, the encryption processing unit 313 encrypts the content key "Kc" using the shared key "Key_s'", to generate the encrypted content key "E(Key_s', Kc)" (step S174). The encryption processing unit 313 outputs the encrypted content key "E(Key_s', Kc)" to the playback device 100 via the transmission/reception unit 301 (step S176).
  • the content decryption unit 114 in the playback device 100 receives the encrypted content from the reading device 300 via the transmission/reception unit 101, and the decryption processing unit 113 receives the encrypted content key "E(Key_s', Kc)".
  • the decryption processing unit 113 decrypts the encrypted content key "E(Key_s', Kc)" using the shared key "Key_s” received from the shared key generation unit 112, to generate the content key "Kc” (step S178).
  • the decryption processing unit 113 outputs the generated content key "Kc" to the content decryption unit 114.
  • the content decryption unit 114 receives the content key "Kc" from the decryption processing unit 113, and decrypts the encrypted content using the received content key "Kc" to generate content (step S179).
  • the content decryption unit 114 outputs the generated content to the playback processing unit 119.
  • the playback processing unit 119 receives the content from the content decryption unit 114, and plays back the received content on the monitor 30 (step S181).
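The key delivery chain of steps S164 to S179, written out as an added Python example that is not part of the patent text. The XOR keystream function `toy_crypt` is a stand-in chosen for this example in place of algorithms E1/D1 and E3/D3 (the text names DES or AES for E3) and of the content cipher; the dictionary layout of the disc, the function names and all key and content values are constructed for illustration.

```python
import hashlib

def toy_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Stand-in (assumption) for
    E1/D1, E3/D3 and the content cipher; applying it twice decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def master_disc(device_keys, km, kc, content):
    """Build the protected items stored on recording medium 500."""
    return {
        # media key list 540: one encrypted copy of Km per device key DKk
        "media_key_list": {k: toy_crypt(dk, km) for k, dk in device_keys.items()},
        # encrypted content key 550: Kc encrypted under Km
        "encrypted_content_key": toy_crypt(km, kc),
        "encrypted_content": toy_crypt(kc, content),
    }

def reader_release(disc, k, dk, key_s_reader):
    """Reading device 300, steps S164-S176. Returns only what crosses the link."""
    km = toy_crypt(dk, disc["media_key_list"][k])        # S171: recover Km
    kc = toy_crypt(km, disc["encrypted_content_key"])    # S172: recover Kc
    wrapped_kc = toy_crypt(key_s_reader, kc)             # S174: E(Key_s', Kc)
    return disc["encrypted_content"], wrapped_kc         # S166 and S176

def player_recover(encrypted_content, wrapped_kc, key_s_player):
    """Playback device 100, steps S178-S179."""
    kc = toy_crypt(key_s_player, wrapped_kc)             # S178: recover Kc
    return toy_crypt(kc, encrypted_content)              # S179: recover content

# Constructed sample values (not from the patent).
DEVICE_KEYS = {1: b"DK1-constructed!", 2: b"DK2-constructed!"}
KM = b"media-key-sample"
KC = b"content-key-demo"
CONTENT = b"constructed AV payload for the example"
DISC = master_disc(DEVICE_KEYS, KM, KC, CONTENT)
KEY_S = b"shared-key-from-SAC"   # Key_s and Key_s' after a successful SAC

def demo():
    """Reader k=2 releases the content; the player recovers it with Key_s."""
    enc, wrapped = reader_release(DISC, 2, DEVICE_KEYS[2], KEY_S)
    return player_recover(enc, wrapped, KEY_S)

if __name__ == "__main__":
    print(demo() == CONTENT)
```

Neither "Km" nor "Kc" appears on the link in the clear: the playback device only ever sees the encrypted content and the content key wrapped under the SAC shared key.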
  • Gen() be a key generation function
  • Y be a parameter unique to the system.
  • the reading device 300 transmits a SAC establishment start request to the playback device 100 (step S813).
  • the playback device 100 receives the SAC establishment start request from the reading device 300.
  • Upon receiving the SAC establishment start request, the playback device 100 generates a random number "Cha_B" (step S813), and transmits the generated random number "Cha_B" to the reading device 300 (step S814).
  • the reading device 300 receives the random number "Cha_B", and applies signature generation algorithm S to the received random number "Cha_B" using the secret key "SK_R" of the reading device 300, to generate signature data "Sig_A" (step S815).
  • the reading device 300 transmits the generated signature data "Sig_A” to the playback device 100 (step S816).
  • Upon receipt of the signature data "Sig_A", the playback device 100 applies signature verification algorithm V to the received signature data "Sig_A" using the public key "PK_R" of the reading device 300 received in the form of being contained in the reading device public key certificate, for signature verification (step S817).
  • If the verification results in a failure (step S818: NO), the operation is terminated. If the verification results in a success (step S818: YES), the operation is continued.
  • the reading device 300 generates a random number "Cha_A” (step S819), and transmits the generated random number "Cha_A” to the playback device 100 (step S820).
  • the playback device 100 receives the random number "Cha_A”, and applies signature generation algorithm S to the received random number "Cha_A” using the secret key "SK_P" of the playback device 100, to generate signature data "Sig_B” (step S821).
  • the playback device 100 transmits the generated signature data "Sig_B” to the reading device 300 (step S822) .
  • the reading device 300 Upon receipt of the signature data "Sig_B” , the reading device 300 applies signature verification algorithm V to the received signature data "Sig_B” using the public key "PK_P" of the playback device 100 received in the form of being contained in the playback device public key certificate, for signature verification (step S823).
  • step S824: NO the operation is terminated.
  • a manufacturer ID list showing a manufacturer ID of a manufacturer/seller of the recording medium 500 and a category ID showing the type of each set of content are stored on the recording medium 500.
  • a manufacturer ID of a manufacturer/seller of content which the playback device 100 is permitted to use and a category ID showing a type of the content are included in the playback device public key certificate stored in the playback device 100.
  • the reading device 300 judges whether the manufacturer ID included in the playback device public key certificate is registered in the manufacturer ID list. If the manufacturer ID is registered in the manufacturer ID list, the reading device 300 transmits the content list.
  • the playback device 100 displays the title display screen 131, receives a selection from the user, and transmits a selected content ID to the reading device 300.
  • the reading device 300 receives the content ID from the playback device 100, and compares a category ID corresponding to the content ID with the category ID included in the playback device public key certificate. Only when the two category IDs match, the reading device 300 outputs a content key and encrypted content to the playback device 100.
  • the reading device 300 outputs, to the playback device 100, only content that was manufactured/sold by the manufacturer/seller identified by the manufacturer ID included in the playback device public key certificate and that belongs to a category identified by the category ID included in the playback device public key certificate, and does not output other content. This makes it possible to limit content acquirable by the playback device from the recording medium on which a plurality of sets of content are recorded.
  • the playback device public key certificate includes a category ID.
  • the control unit 302 outputs the content list to the playback device 100, and receives a content ID from the playback device 100.
  • the control unit 302 reads a category ID corresponding to the received content ID from the recording medium 500, and outputs encrypted content and the like to the playback device 100 if the read category ID matches the category ID included in the playback device public key certificate.
  • the manufacturer ID list can be omitted from the recording medium 500, and the manufacturer ID judgment unit 310 can be omitted from the reading device 300. Also, a time from the insertion of the recording medium 500 to the start of the content playback can be reduced.
  • Upon receiving the playback device public key certificate from the manufacturer ID judgment unit 310, the category judgment unit 311 reads the content ID 563 and the category ID 562, and the content ID 567 and the category ID 566, from the content file 560 stored on the recording medium 500 via the drive unit 320. The category judgment unit 311 then extracts the category ID from the received playback device public key certificate, compares the extracted category ID with the read category ID 562, and also compares the extracted category ID with the read category ID 566. The category judgment unit 311 outputs a content ID corresponding to one of the category IDs 562 and 566 that matches the extracted category ID, to the control unit 302.
  • the control unit 302 receives the content ID from the category judgment unit 311, and reads the content list 570 via the drive unit 320.
  • the control unit 302 extracts only content information including the received content ID from the read content list 570, and generates an output content list.
  • the control unit 302 outputs the generated output content list to the playback device 100, instead of the content list 570.
  • Upon receiving a content ID from the playback device 100, the transmission/reception unit 301 outputs the received content ID to the control unit 302. Upon receiving the content ID, the control unit 302 instructs the shared key generation unit 312 to establish a SAC. Subsequent processing is the same as that in the first embodiment. According to this modification, regarding content which the playback device 100 is not permitted to use, the playback device 100 is not even notified that the content is recorded on the recording medium 500. Hence the playback device 100 cannot even attempt to read such content.
  • since only a title of content which the playback device 100 is permitted to use is displayed on the title display screen, the user can reliably select content that can be played back. This improves operability.
  • the playback device public key certificate includes manufacturer IDs "MIDp1" and "MIDp2", and category IDs "0001" and "0003". This indicates that the playback device 100 is permitted to use music (category ID: 0001) and AV content (category ID: 0003) among content manufactured/sold by any of the manufacturer/sellers corresponding to the manufacturer IDs "MIDp1" and "MIDp2".
  • the manufacturer ID judgment unit 310 in the reading device 300 extracts the manufacturer IDs "MIDp1" and "MIDp2" from the playback device public key certificate. If at least one of "MIDp1" and "MIDp2" is registered in the manufacturer ID list 520 read from the recording medium 500, the manufacturer ID judgment unit 310 outputs the playback device public key certificate to the category judgment unit 311, and outputs a use permission notification to the control unit 302.
  • the category judgment unit 311 reads a category ID corresponding to a content ID received from the playback device 100, from the content file 560. If the read category ID matches any one of "0001" and "0003" included in the playback device public key certificate, the category judgment unit 311 outputs the received content ID and a read permission notification to the control unit 302.
  • the recording medium 500 stores a playback permission list made up of a plurality of pieces of playback permission information, instead of the manufacturer ID list.
  • Each piece of playback permission information corresponds to encrypted content, and is composed of a content ID, a category ID, and a manufacturer ID.
  • playback permission information corresponding to the encrypted content 561 "E(Kc, ConA)" is composed of the content ID "ID_A" uniquely identifying the content "ConA", the category ID "0001" showing the type of the content "ConA", and the manufacturer ID showing the manufacturer/seller of the content "ConA".
  • the reading device 300 reads the content list 570 from the recording medium 500, and outputs the content list 570 to the playback device 100.
  • Upon receiving a content ID from the playback device 100, the reading device 300 reads playback permission information including the received content ID, and compares a pair of manufacturer ID and category ID included in the read playback permission information with the first permission information in the playback device public key certificate. The reading device 300 then compares the pair of manufacturer ID and category ID included in the read playback permission information with the second permission information. If any one of the first permission information and the second permission information matches the pair of manufacturer ID and category ID included in the read playback permission information, the reading device 300 outputs encrypted content corresponding to the received content ID to the playback device 100.
  • the recording medium 500 stores an application ID showing an application which includes a procedure of decrypting encrypted content and playing back generated content, instead of a category ID.
  • the playback device public key certificate includes an application ID showing an application held in the playback processing unit 119, instead of a category ID.
  • the category judgment unit 311 compares the application IDs, instead of the category IDs.
  • the recording medium 500 stores copy control information in correspondence with each set of encrypted content.
  • the copy control information stored on the recording medium 500 shows copyability of content generated by decrypting the corresponding encrypted content and a number of copies permitted.
  • the reading device 300 outputs encrypted content corresponding to the received content ID to the playback device 100.
  • the recording medium 500 stores a security level of each set of encrypted content, e.g., a key length of a content key used for the encrypted content.
  • the playback device public key certificate in the playback device 100 includes a security level threshold value.
  • the reading device 300 compares the security level stored on the recording medium 500 with the threshold value included in the playback device public key certificate, instead of comparing category IDs. If the security level is no lower than the threshold value, a read permission notification is output to the control unit 302.
  • the first embodiment describes the case where the two sets of encrypted content recorded on the recording medium 500 are generated using the same content key, but they may be generated using separate content keys.
  • the recording medium 500 stores a key length of a content key used for each set of encrypted content in correspondence with the encrypted content.
  • the recording medium 500 stores a required processing capacity in correspondence with each set of encrypted content, instead of a category ID.
  • the required processing capacity is a processing capacity required for the playback device 100 to decrypt the corresponding encrypted content and play back the decrypted content.
  • the playback device public key certificate includes a processing capacity of the playback processing unit 119, instead of a category ID.
  • the reading device 300 compares a required processing capacity corresponding to a content ID received from the playback device 100 with the processing capacity included in the playback device public key certificate, instead of comparing category IDs. If the processing capacity included in the playback device public key certificate is no lower than the required threshold value, the reading device 300 outputs an encrypted content key and encrypted content corresponding to the received content ID to the playback device 100.
  • the playback device 100 safely holds the permission classifying information, by storing the permission classifying information in a tamper-resistant secure memory that cannot be read directly by an external device, by adding a signature by an authorized third party or content manufacturer/seller to the permission classifying information, or by storing the permission classifying information in the form of being encrypted using a secret key possessed only by the reading device.
  • the first embodiment describes the content playback system that is constituted by the reading device, the playback device, and the monitor, but a device for processing/editing read content or a recording device for writing read content to another recording medium may be provided instead of the playback device.
  • the playback processing unit 119 stores a game execution application, a music playback application, and a video playback application.
  • the certificate storage unit 103 stores three application public key certificates having the same structure as the playback device public key certificate described in the first embodiment.
  • the three application public key certificates correspond to the three applications held by the playback processing unit 119.
  • An application certificate corresponding to the game execution application includes the category ID "0004" indicating games.
  • An application certificate corresponding to the music playback application includes the category ID "0001" indicating music.
  • An application certificate corresponding to the video playback application includes the category ID "0003" indicating AV content.
  • When the playback device 100 is powered on, the control unit 102 generates a menu screen including names of the three applications, outputs the generated menu screen to the monitor 30, and receives a selection of an application from the user via the input reception unit 118. Upon receiving the selection from the user, the control unit 102 instructs the playback processing unit 119 to start the selected application.
  • a subsequent operation of the playback device is the same as the operation in the first embodiment, except that the control unit 102 outputs an application public key certificate corresponding to the user selected application to the reading device 300 instead of the playback device public key certificate.
  • the recording medium inserted in the writing device is a writable optical disc.
  • a category ID list including one or more category IDs is stored on this recording medium.
  • the PC holds a PC public key certificate having a similar structure to the playback device public key certificate in the first embodiment. It is assumed here that the PC public key certificate does not include any manufacturer ID but includes the category ID "0002".
  • the writing device reads the category ID list from the recording medium, and writes data received from the PC onto the recording medium only when the category ID "0002" in the PC public key certificate is included in the read category ID list.
  • the present invention may be realized by a computer-readable recording medium, such as a flexible disk, a hard disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD-RAM, a BD (Blu-ray Disc), or a semiconductor memory, on which the above computer program or digital signal is recorded.
  • the present invention may also be realized by the computer program or digital signal that is recorded on such a recording medium.
  • the computer program or digital signal that achieves the present invention may also be transmitted via a network, such as an electronic communications network, a wired or wireless communications network, or an internet, or via data broadcasting.
  • the present invention can also be realized by a computer system that includes a microprocessor and a memory.
  • the computer program can be stored in the memory, with the microprocessor operating in accordance with this computer program.
  • the computer program or the digital signal may be provided to an independent computer system by distributing a recording medium on which the computer program or the digital signal is recorded, or by transmitting the computer program or the digital signal via a network.
  • the independent computer system may then execute the computer program or the digital signal to function as the present invention.
  • the present invention can be used recurrently and continuously in an industry for producing and selling digital content, an industry for manufacturing and selling various electrical devices that use the digital content, and an industry for providing various services using the digital content.
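The mutual challenge-response exchange of steps S813 to S824 can be traced in code. The following is an added example, not code from the patent: the names `Device` and `establish_sac` are hypothetical, and because the description leaves signature algorithms S and V unspecified, Lamport one-time signatures built on SHA-256 stand in for them here so that the example runs with the Python standard library alone.

```python
import hashlib
import secrets

def digest(data):
    return hashlib.sha256(data).digest()

def msg_bits(msg):
    d = digest(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """One-time key pair: 256 pairs of secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(digest(a), digest(b)) for a, b in sk]
    return sk, pk

def sign(sk, msg):            # stand-in for signature generation algorithm S
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]

def verify(pk, msg, sig):     # stand-in for signature verification algorithm V
    bits = msg_bits(msg)
    return len(sig) == 256 and all(digest(sig[i]) == pk[i][bits[i]] for i in range(256))

class Device:
    def __init__(self):
        self.sk, self.pk = keygen()   # pk is what the device's certificate carries
        self._pending = None          # challenge issued and not yet answered
        self._signed = False

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def respond(self, cha):
        if self._signed:              # a Lamport key must sign only once
            raise RuntimeError("one-time key already used")
        self._signed = True
        return sign(self.sk, cha)

    def check(self, certified_pk, sig):
        cha, self._pending = self._pending, None   # each challenge is single-use
        return cha is not None and verify(certified_pk, cha, sig)

def establish_sac(reader, player, pk_r, pk_p, replayed_sig_a=None):
    """Steps S813-S824. pk_r and pk_p are the keys taken from the certificates.
    Returns (outcome, sig_a)."""
    cha_b = player.challenge()                          # Cha_B, S813-S814
    sig_a = replayed_sig_a or reader.respond(cha_b)     # Sig_A, S815-S816
    if not player.check(pk_r, sig_a):                   # S817, S818: NO
        return "terminated at S818", sig_a
    cha_a = reader.challenge()                          # Cha_A, S819-S820
    sig_b = player.respond(cha_a)                       # Sig_B, S821-S822
    if not reader.check(pk_p, sig_b):                   # S823, S824: NO
        return "terminated at S824", sig_a
    return "authenticated", sig_a

def demo():
    reader, player = Device(), Device()
    honest, captured = establish_sac(reader, player, reader.pk, player.pk)
    # A key pair that does not match the reader's certified PK_R.
    bad_reader, _ = establish_sac(Device(), Device(), reader.pk, player.pk)
    # A key pair that does not match the player's certified PK_P.
    r2 = Device()
    bad_player, _ = establish_sac(r2, Device(), r2.pk, player.pk)
    # Sig_A from the first run presented again; the fresh Cha_B makes it invalid.
    replay, _ = establish_sac(Device(), Device(), reader.pk, player.pk, captured)
    return honest, bad_reader, bad_player, replay
```

The last case shows why each side issues its own random number: a signature recorded from an earlier session does not verify against a new challenge.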
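The reading device's permission decisions described above (manufacturer ID judgment, category judgment with several permitted IDs, and the modification that outputs a filtered content list) can be sketched as follows. This is an added example, not code from the patent: the class and method names are hypothetical, and the medium's contents other than "ID_A", "0001" and "E(Kc, ConA)" are constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Certificate:
    """Permission fields the reading device takes from a verified certificate."""
    manufacturer_ids: frozenset
    category_ids: frozenset

@dataclass(frozen=True)
class Content:
    content_id: str
    category_id: str
    title: str
    encrypted: str

class ReadingDevice:
    def __init__(self, manufacturer_id_list, contents):
        self.manufacturer_id_list = frozenset(manufacturer_id_list)
        self.contents = {c.content_id: c for c in contents}

    def use_permitted(self, cert):
        # Manufacturer ID judgment: at least one certified ID is on the medium's list.
        return bool(cert.manufacturer_ids & self.manufacturer_id_list)

    def content_list(self, cert, filtered):
        """Titles sent to the playback device, or None without use permission.
        filtered=True is the modification that omits content the device may not use."""
        if not self.use_permitted(cert):
            return None
        return [c.title for c in self.contents.values()
                if not filtered or c.category_id in cert.category_ids]

    def read(self, cert, content_id):
        """Category judgment at read time. Returns encrypted content or None.
        It runs whichever list was shown, since any content ID may be requested."""
        content = self.contents.get(content_id)   # unknown IDs are refused
        if content is None or not self.use_permitted(cert):
            return None
        if content.category_id not in cert.category_ids:
            return None
        return content.encrypted

# Certificate values from the description: music (0001) and AV content (0003).
PLAYER_CERT = Certificate(frozenset({"MIDp1", "MIDp2"}), frozenset({"0001", "0003"}))
# Constructed medium: one music title and one game title (category 0004).
READER = ReadingDevice(
    manufacturer_id_list={"MIDp2", "MID-sample"},
    contents=[
        Content("ID_A", "0001", "ConA", "E(Kc, ConA)"),
        Content("ID_B", "0004", "ConB", "E(Kc, ConB)"),
    ],
)
```

In the unfiltered variant the playback device sees both titles but can only read "ID_A"; in the filtered variant it is not told that "ID_B" exists, and the read-time check still refuses that ID if it is requested anyway.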
EP05743479A 2004-06-08 2005-05-30 Information acquisition device, information acquisition method, and information acquisition program Withdrawn EP1770532A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004170399 2004-06-08
PCT/JP2005/009884 WO2005121980A1 (fr) 2004-06-08 2005-05-30 Information acquisition device, information acquisition method, and information acquisition program

Publications (1)

Publication Number Publication Date
EP1770532A1 true EP1770532A1 (fr) 2007-04-04

Family

ID=35503255

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05743479A Withdrawn EP1770532A1 (fr) 2004-06-08 2005-05-30 Information acquisition device, information acquisition method, and information acquisition program

Country Status (5)

Country Link
US (1) US20090024849A1 (fr)
EP (1) EP1770532A1 (fr)
JP (1) JPWO2005121980A1 (fr)
CN (1) CN1973269A (fr)
WO (1) WO2005121980A1 (fr)

Also Published As

Publication number Publication date
CN1973269A (zh) 2007-05-30
WO2005121980A1 (fr) 2005-12-22
JPWO2005121980A1 (ja) 2008-04-10
US20090024849A1 (en) 2009-01-22

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20061130

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU MC NL PL PT RO SE SI SK TR

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20080123